{"id":185747,"date":"2026-02-09T08:02:00","date_gmt":"2026-02-09T13:02:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/09\/michael-hicks-on-building-safer-software-and-a-better-practices-in-cybersecurity\/"},"modified":"2026-02-09T08:05:10","modified_gmt":"2026-02-09T13:05:10","slug":"michael-hicks-on-building-safer-software-and-a-better-practices-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/09\/michael-hicks-on-building-safer-software-and-a-better-practices-in-cybersecurity\/","title":{"rendered":"Michael Hicks on Building Safer Software and a Better Practices in Cybersecurity"},"content":{"rendered":"

Michael Hicks on Building Safer Software and a Better Practices in Cybersecurity<\/a><\/p>\n

https:\/\/www.seas.upenn.edu\/stories\/michael-hicks-on-building-safer-software-and-a-better-practices-in-cybersecurity\/<\/a><\/p>\n

Publish Date: 2026-02-09 08:02:00<\/a><\/p>\n

Source Domain: www.seas.upenn.edu<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n When Michael Hicks, the Cecilia Fitler Moore Professor in Computer and Information Science, Director of the Schlein Center for Cybersecurity and a Penn alum, first encountered an Apple II computer in primary school, he didn\u2019t know it would lead to a lifelong fascination with how to program software and how to make it work better.\u00a0
\nAs a high school student in San Diego, Hicks was good at math but also enjoyed creating things: He ended up spending more time drawing comics than debugging code.\u00a0
\n\u201cI got into the comic convention scene and loved it,\u201d he recalls. \u201cI thought that might be what I would do, become a professional comic artist.\u201d But his practical side eventually won out. \u201cWhen it came time to choose a career path, I turned to engineering.\u201d
\nHis first stop was architectural engineering until he realized he didn\u2019t care much for designing buildings. However, a required computer programming class rekindled his early love of coding. Shortly after, Hicks switched majors, started coding seriously, and ultimately settled on the career path of computer science. But just as he was getting ready to graduate with his bachelor\u2019s degree, he found himself at another crossroads.\u00a0
\n\u201cMy professor asked me what I planned to do. I said, \u2018Get a job,\u2019 and he said, \u2018You should apply for grad school.\u2019 I had never considered continuing school, but I took his advice, completed the GREs, and after two years working in industry, returned to student life. Six years of grad school helped me realize that academia was a perfect environment that would allow me to explore my creativity in a meaningful way. That one conversation changed everything.\u201d
\nAn Academic Fit
\nHicks came to the University of Pennsylvania in 1995 to pursue his Ph.D. His thesis focused on dynamic software updating technology, which enables software to be updated while it\u2019s still running. The innovation aimed to save companies enormous amounts of time and cost by avoiding service interruptions when patching critical security bugs and adding important features. Hicks\u2019 thesis won the ACM Special Interest Group in Programming Languages (SIGPLAN) Doctoral Dissertation award and launched him into his academic career. After graduating, he joined Cornell as a postdoctoral researcher and later the University of Maryland as a professor, founding his own lab.
\nOver the next 20 years, Hicks mentored more than 20 Ph.D. students and continued to push the boundaries of what was possible in reliable and secure computing.\u00a0
\nFrom Safer Code to Safer Languages
\nWhile a postdoctoral researcher and continuing at the University of Maryland in the early 2000s, Hicks and his collaborators confronted a deep problem: the most commonly used programming languages at that time, C and C++, contained inherent weaknesses that made their programs vulnerable to memory corruption attacks.\u00a0
\n\u201cMemory corruption vulnerabilities let attackers inject malicious code into programs,\u201d he explains. \u201cYou can visit a website an attacker has set up to exploit a vulnerability, and as a result your browser might start executing the attacker\u2019s code on your computer.\u201d
\nIn response, Hicks and collaborators developed Cyclone, a language designed to eliminate those vulnerabilities while preserving the power, performance and flexibility of C. Though adoption was limited, the work left a lasting mark. Years later, the developers of Rust \u2014 a language now lauded for its safety features \u2014 drew inspiration directly from Cyclone.
\n\u201cThis is what academic research is about,\u201d says Hicks. \u201cEven if your idea doesn\u2019t become the one the world uses directly, it can become the backbone for future innovation. It was inspiring to see other people build upon original ideas implemented in Cyclone and take them many steps further, integrating them with ideas from other places to address programmers\u2019 needs, and to help address other challenges to ensure programs\u2019 security and reliability.\u201d
\nA Turn Toward Cybersecurity
\nAs computing expanded into the cloud in the 2010s, Hicks turned his attention to addressing the real concern of sharing sensitive data in the cloud, still very much an unknown black box of processes and information at the time. Collaborating with cryptographers and security experts, he helped pioneer cryptographic approaches for \u201cconfidential computing.\u201d Around that time, he also became Director of the University of Maryland\u2019s cybersecurity center, and helped develop new curricula and online programs to train the next generation of security-minded systems and software engineers.
\nIt was in this role that Hicks started exploring \u201cfuzzing,\u201d a technique for automatically discovering software vulnerabilities through randomized testing. But when he and a high school student intern in his lab tried to work with state-of-the-art fuzzers in 2017, they discovered an unsettling issue, not with the code, but with the science itself.
\n\u201cWe couldn\u2019t reproduce other researchers\u2019 results,\u201d says Hicks. \u201cAfter toiling about for a while, we finally realized it wasn\u2019t our fuzzing setup that was broken, it was that the evaluation process across the community did not ensure reliable, reproducible results.\u201d\u00a0
\nTheir breakthrough paper revealed that many studies on fuzzing failed to employ scientific best practices, instead leaning on inconsistent or cherry-picked data. Experiments in the paper showed this was leading to unreliable conclusions.\u00a0
\nReframing the Field at Penn
\nThat moment reshaped Hicks\u2019 thinking about academic research. \u201cIt made me ask: what are we really doing this for? If your work doesn\u2019t produce a firm foundation to build on, leading toward something useful for society, then what\u2019s the point?\u201d
\nHicks left the University of Maryland in 2021, and after a four-year stint at Amazon Web Services, he returned to Penn in 2025, eager to reimagine how his work could serve the broader world.
\nToday, as Director of the Schlein Center for Cybersecurity at Penn Engineering and co-director of the new Master of Science and Engineering in Software Systems and Cybersecurity, Hicks brings that ethos into both his research and teaching. His graduate course, CIS 7000: Secure System Engineering and Management: A Data-Driven Approach, challenges students to connect technical work to human outcomes.\u00a0
\nHicks starts his cybersecurity class with a simple question: Is the world\u2019s cybersecurity safer now than it was ten years ago?\u00a0
\n\u201cStudents start debating the efficacy of various mechanisms for cybersecurity, but I stop them and ask, \u2018how would you measure that?\u2019 What evidence would you collect?\u201d he says. \u201cOnce you think that way, you start to see that improving cybersecurity isn\u2019t just about better code, it\u2019s about better science, and ultimately, better lives for people.\u201d
\nHicks is reaching across disciplines, exploring collaborations with social scientists, lawyers, policy experts and national security scholars. His classroom has become a lively laboratory of ideas with students debating, asking and connecting on the topics of cybersecurity and what it means to everyday life. Hicks encourages these conversations and tells his students to \u201ccommunicate clearly and fail fast.\u201d\u00a0
\nFor Hicks, this philosophy of experimentation, iteration and creativity is what ties together the art and science of computing innovation.\u00a0
\n\u201cBeing back at Penn feels like coming full circle,\u201d he says. \u201cI started out looking at how to make software and its security better. Now I\u2019m thinking about how to make the science of software security better. Doing so will boost the quality of not just my work but that of many others and, I hope, make a real difference in people\u2019s lives.\u201d
\nLearn more about Hicks\u2019 research on his website and the Master of Science and Engineering in Software Systems and Cybersecurity here.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Michael Hicks on Building Safer Software and a Better Practices in Cybersecurity https:\/\/www.seas.upenn.edu\/stories\/michael-hicks-on-building-safer-software-and-a-better-practices-in-cybersecurity\/ Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":185748,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.seas.upenn.edu\/wp-content\/uploads\/2026\/02\/Mike-Hicks-Feature-Piece-Illustration_V2-1.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-185747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185747"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=185747"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185747\/revisions"}],"predecessor-version":[{"id":185749,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/185747\/revisions\/185749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/185748"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=185747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=185747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=185747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}